lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 23 Jan 2019 12:55:35 +0100
From:   Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:     Michal Hocko <mhocko@...nel.org>
Cc:     linux-kernel@...r.kernel.org,
        Masami Hiramatsu <mhiramat@...nel.org>,
        Ulf Hansson <ulf.hansson@...aro.org>,
        Gary R Hook <ghook@....com>,
        Heiko Carstens <heiko.carstens@...ibm.com>
Subject: Re: [PATCH 2/2] debugfs: return error values, not NULL

On Wed, Jan 23, 2019 at 12:06:28PM +0100, Michal Hocko wrote:
> On Wed 23-01-19 11:28:14, Greg KH wrote:
> > When an error happens, debugfs should return an error pointer value, not
> > NULL.  This will prevent the totally theoretical error where a debugfs
> > call fails due to lack of memory, returning NULL, and that dentry value
> > is then passed to another debugfs call, which would end up succeeding,
> > creating a file at the root of the debugfs tree, but would then be
> > impossible to remove (because you can not remove the directory NULL).
> > 
> > So, to make everyone happy, always return errors, this makes the users
> > of debugfs much simpler (they do not have to ever check the return
> > value), and everyone can rest easy.
> 
> How come this is safe at all? Say you are creating a directory by
> debugfs_create_dir and then feed the return value to debugfs_create_files
> as a parent. In case of error you are giving it an invalid pointer and
> likely blow up unless I miss something.

debugfs_create_files checks for invalid parents and will just refuse to
create the file.  It's always done that.

> I do agree that reporting errors is better than a simple catch all NULL
> but this should have been done when introduced rather than now when most
> callers simply check for NULL as a failure.

I'm fixing up all the "NULL is a failure" callsites in the kernel, see
lkml for the first round of those patches.

thanks,

greg k-h

Powered by blists - more mailing lists